A year ago PayPal reported that identity theft was three times
more likely in the UK compared with other European countries,
writes Ben Chai.
It said some 14% of UK online shoppers had fallen victim to
identity theft, three times higher than other European
countries.
Paypal warned that online security was being undermined by
popular social networking site posting details. It said that one in
seven (14%) "social networkers" in the UK admit to displaying
password-related information on a social networking page, which
could ultimately lead to identity theft.
The PayPal study also found that a number of identity theft
victims had no idea how the theft occurred, with 40% in the UK
clueless as to how their information was obtained. In fact, more
than half of identity theft victims in the UK (52%) had to be
contacted by their bank or credit card provider before they were
even aware their identity had been stolen.
However, another identity theft risk has recently come to light.
Credit card companies and banks are putting the public at risk by
using personal information to verify customers' identities. That
information is held in public records such as council records,
birth, marriage and death records, which can be obtained from
FamilyRecords.gov.uk
and records held at Companies House.
A recent
interview with Bruce Jenkins, managing consultant at Fortify
Software, revealed that personal details, including date of birth,
place of birth, mother's maiden name and current address, are held
in easily accessible public records.
If the financial industry wanted to reduce identity theft in the
UK, it should quit blaming what users post on their Facebook
accounts and stop using information that can be obtained through
public records. In other countries such as Sweden, many banks use
two-factor authentication, so users have one-time password devices
to access their finances.
The UK finance industry should look to do something similar or
allow users to create their own questions.
Ben Chai is chief editor of
SecurityVibes